Discuss one of the following online regulatory concepts, its historical basis and why it should or should not be applied in the Australian context:
- c) the move to biometric identification, with reference to India’s system and other forms of national identity documentation and the right to privacy.
A biometric identification system is a type of authentication service which relies on the matching an individual’s physical characteristics in reference to the individuals stored physical data, on a server, to verify the individual’s identity. The premise of behind using a biometric system over existing over knowledge-based systems, such as single step authentication e.g. pin or passwords, is to lessen the occurrence of fraudulent or criminal activity. Pins and passwords can be more easily cracked or stolen, whereas matching physical traits is a far more secure way of keeping data secure. Some examples include facial recognition, fingerprints and iris scanning.[i] [ii]
In India, a national biometric identification system was introduced in the form of the Aadhaar project. The initial aims of the Aadhaar system, was for more efficient an easier access to demographic data. Each citizen was provided with a card containing date of birth, sex, address, photographs, iris data and fingerprints. Thereafter, the government linked the Aadhaar card to various government and commercial services, such as health care and electricity, allegedly allowing for more secure and more convenient processes.[iii]
The implications of implementing a similar service in Australia could see vast improvements in the way both public and private services are interacted with, however the implications behind how government and business entities would make use of our personal data remains to be questioned. This essay will examine both benefits and drawbacks to such as system, while reviewing the effects a biometric identification system would have on privacy.
With the introduction of cloud-based e-voting systems in India, Australia could follow a similar direction, mitigating the issue of multiple voting during government elections. In 2013 more than 7000 people were suspected of voting multiples time at multiple polling stations during the federal election. The main reason as to why the issue of multiple voting has not been resolved is due to the difficulty of flagging an individual who has already submitted their paper ballot[iv].
In the years prior to the Aadhaar project, India faced the exact same issue, where a mass of individuals, favouriting one party, voted for their preferred party multiple times. With the introduction of the Aadhaar project, India was able to lessen voter fraud. First, the user can only gain access to the online voting technology until he or she is prompted. Next, the user will be required to securely transfer their iris and fingerprint data to the cloud server in connection to the Aadhaar database. Once they have been authenticated, an e-ballot document will be provided, and will be ready for submission.[v]
If Australia decides to introduce a system where biometric authentication and online functionalities replace traditional paper documentation, the country could see efficiency improvements not only in voting but other submission systems. This new system would mitigate double voting and reduce other forms of voter fraud such as forging identities to vote more than once.
However, there are still loopholes in biometric identification systems allowing for separate identities and circumstances where individuals can impersonate others, all while keeping their existing biometric information. For example, the Delhi police received complaints, where an individual was registered under two different names however containing identical biometric information[vi]. This raises the question, that how many other unknown ways of abusing the system to forge multiple identities are there?
Moreover, biometric identification could allow for various benefits in the private sector. With the increased threat of terrorism and other malicious activity, facial identification could be the key to filtering out potential criminals throughout all forms of public transportation. Although current surveillance laws have resulted in a reduction of serious crimes and detaining criminals, it still does not go far enough. Australia’s cyber security minister mentions, that the limited ability to acquire potentially helpful data against serious crimes, has allowed around 200 cases to go unresolved in the last 12 months[vii]. Perhaps by providing more innovative, or by allowing authorised access to biometric data, Australia could become safer overall.
With the introduction of the Aadhaar card, India has already started to combat issues around terrorism. With the previous system, a traveller would only be identified once throughout their journey leaving transportation options more open to attacks. Nowadays, individuals are required to book tickets through biometric identification processes (facial scanning and verification). Next, ticket holders go through a security check once again verifying their Aadhaar status. Finally, ticket holders are directed to their designated platform via text.[viii]
By implementing more sophisticated facial recognition and various forms of authentication systems in public spaces, Australia could see a reduction in crime rates, specifically in the transportation industry. With existing public surveillance already proving effective, Australia could keep better track of criminals and their activities if the government were allowed more access to increased tracking in more spaces. Australia would also be able to keep regular track of high-risk individuals, preventing incidents before they occur.
However, there is always the risk of public biometric information being mishandle by both government entities and companies. Furthermore, public data is not always safely secured which could result in potential data loss or misuse by hackers[ix]. For example, although the Indian government has stated, that Aadhaar servers and databases are completely secured, there have been numerous cases of Aadhaar data being leaked to the public. Furthermore, it has been reported, that Aadhaar data is shared between companies, despite the rules that protect user privacy and data[x].
In addition, biometric identification could revolutionise various payment systems throughout Australia. The potential benefits to replacing traditional pin and card transactions with pay by fingerprint, either through mobile phones or in store scanners, could see dramatic reductions in fraud cases. The proposal to move to a biometric system, comes after a sharp growth in “card not present” fraud, where a credit or debit card is tactfully not present upon payment or inspection by the cashier[xi].
In India, Aadhaar pay was introduced, where, in collaboration with national banks, a person could pay merchants using her or his fingerprint. The whole premise behind Aadhaar pay was to allow for more secure, convenient and faster transactions while also allowing people, who do not carry cards or other transaction enabled devices, better accessibility. In the best interest of the market, banks also promoted local business with a 0.25 percent subsidy per purchase to merchants who offer Aadhaar pay[xii].
However, test have shown that fingerprints as a form of biometric authentication could be less secure than passwords. A German hacker, Jan Krissler, managed to beat Apple’s TouchID technology by using high resolution copies of fingerprints left on the screen of an iPhone. With that, it may not be wise to solely rely on biometric technology. The consequences of stolen biometric data would be far greater than stolen passwords or pins, because biometrics would allow criminals to impersonate an individual and “falsify travel and criminal records and legal documents.”[xiii]
In conclusion, I do believe the benefits of introducing biometric authentication system in Australia would outweigh the possible repercussions. By replacing paper ballots with a combination of online and biometric systems, not only is the entire process quicker and easier for voters but, it also allows governments to see results far more quickly and have reductions in errors and fraudulent votes. Although there is always the chance of individuals hacking the system to possess more than one identity with the same biometric data, future iterations of the technology and strategic machine learning could eliminate these possibilities by identifying and filtering out these cases. In the case of facial recognition systems, although it may initially be an invasion of personal privacy, the implications behind reducing criminal activity justifies the use of this system. If government or law enforcement agencies strategically find ways in which to build trust with the public, perhaps facial recognition would appear less of a violation of privacy. If individuals have an initial scan and interview every few years, perhaps they can opt out or be verified as non-threatening and ignored by this system. Finally, in the case of using biometrics as a form of payment system, although an individual managed to bypass a secure biometric system, innovations in finger scanning recognition or other forms of authentication systems such as face ID could eliminate the possibility of forging physical features. Moreover, pins and passwords are far more likely to be stolen in comparison to biometric data, which is more difficult to crack due to physical features being unique to just one individual.
Overall, as long as government entities update their existing privacy laws, to fall more closely into place with the view of the general public, in addition to innovations and investment into better online and database security, it could lead the way to a more efficient and resourceful Australian way of life.
[i] Sticha, P. and Ford, J. (1999). INTRODUCTION TO BIOMETRIC IDENTIFICATION TECHNOLOGY: CAPABILITIES AND APPLICATIONS TO THE FOOD STAMP PROGRAM. 1st ed. [ebook] R. Lewis & Company, Inc. Available at: https://fns-prod.azureedge.net/sites/default/files/biomvend.pdf
[ii] Jain, A., Hong, L. and Pankanti, S. (2000). Biometric Identification. 1st ed. [ebook] Available at: https://www.researchgate.net/publication/220423488_Biometric_Identification?enrichId=rgreq-6c21bcef50afff012cc0542e99d3d14d-XXX&enrichSource=Y292ZXJQYWdlOzIyMDQyMzQ4ODtBUzoxNjcwNDM2NDcxNTYyMjRAMTQxNjgzNzcxNzg4MQ%3D%3D&el=1_x_2&_esc=publicationCoverPdf
[iii] Raju, R., Singh, S. and Khatter, K. (2017). Aadhaar Card: Challenges and Impact on Digital Transformation. 1st ed. [ebook] Available at: https://arxiv.org/ftp/arxiv/papers/1708/1708.05117.pdf
[iv] Aston, H. (2018). No voters prosecuted despite 7000-plus cases of suspected voting fraud in the 2013 federal election. [online] The Sydney Morning Herald. Available at: https://www.smh.com.au/politics/federal/no-voters-prosecuted-despite-7000plus-cases-of-suspected-voting-fraud-in-the-2013-federal-election-20150225-13o8cw.html
[v] Raju, R., Singh, S. and Khatter, K. (2017). Aadhaar Card: Challenges and Impact on Digital Transformation. 1st ed. [ebook] Available at: https://arxiv.org/ftp/arxiv/papers/1708/1708.05117.pdf
[vi] Raju, R., Singh, S. and Khatter, K. (2017). Aadhaar Card: Challenges and Impact on Digital Transformation. 1st ed. [ebook] Available at: https://arxiv.org/ftp/arxiv/papers/1708/1708.05117.pdf
[vii] Borys, S., Doran, M. and Belot, H. (2018). New tech surveillance laws more a ‘side gate’ than ‘back door’ into Australian phones. [online] ABC News. Available at: http://www.abc.net.au/news/2018-08-14/tech-surveillance-laws-less-of-a-back-door-and-more-a-side-gate/10114534
[viii] Raju, R., Singh, S. and Khatter, K. (2017). Aadhaar Card: Challenges and Impact on Digital Transformation. 1st ed. [ebook] Available at: https://arxiv.org/ftp/arxiv/papers/1708/1708.05117.pdf
[ix] Othman, A. (2017). Protecting Your Most Private Data – Your Biometrics. [online] Veridium. Available at: https://www.veridiumid.com/blog/protecting-private-data-biometrics/
[x] The Times of India. (2017). Aadhaar data was shared with private companies, reveal papers. [online] Available at: https://timesofindia.indiatimes.com/city/jaipur/aadhaar-data-was-shared-with-private-companies-reveal-papers/articleshow/61544111.cms
[xi] Yeates, C. (2017). Fingerprint payments to be ‘commonplace’ within a year: Visa. [online] The Sydney Morning Herald. Available at: https://www.smh.com.au/business/banking-and-finance/visa-cracks-down-on-online-fraud-with-fingerprint-payments-20171206-p4yxf8.html
[xii] Raju, R., Singh, S. and Khatter, K. (2017). Aadhaar Card: Challenges and Impact on Digital Transformation. 1st ed. [ebook] Available at: https://arxiv.org/ftp/arxiv/papers/1708/1708.05117.pdf
[xiii] Bergsman, J. (2016). Biometrics are less secure than passwords — this is why. [online] BetaNews. Available at: https://betanews.com/2016/08/24/unsafe-biometrics/